httpd-users mailing list archives

Sorry Mike
I didn't see you post until just now.
What part are you having trouble with? My situation is complicated by
the fact that the dns stuff and web server are all on the same box.
If this is you problem (as it was mine) the key words are "bind views".
You can setup views in bind to handle requests from different ip's..
In terms of apache everything is running, but to get it playing the
game when a request comes from outside (not from the server itself).
The stuff to read on ipaliasing is ifconfig, but i wont go into detail
as this differs depending on the platform (I crashed our live linux box
twice trying directives that worked on osx).
Here's the mail i was sent, and I've got half way into porting things
across, but my day job is a developer rather than systems
administrator. One thing I'll add to steve's mail is make sure external
dns servers as listed in /etc/resolv.conf so your machine can still see
the rest of the world.
I'll post a full solution in the next week or so when i'll have a real
world example to share. I've got as far as moving all our domains to
the external configuration. Next will be the ip aliasing all the
domains, and then the "internal records" .
My apologies to Balanand but cryptic answers that don't help anyone
really rub me up the wrong way.
<mail from steve cowles on redhat list>
Are you sure you're not wanting (asking how) to implement bind views?
i.e.
-----------------------------------------------
# cat /var/named/internal/db.maindomain
$ttl 38400
@ IN SOA mainhost.maindomain.com.
root.mainhost.maindomain.com. (
1084742277
10800
3600
604800
38400 )
hosteddomain.com. IN NS ns.maindomain.com.
www.hosteddomain.com. IN A 10.0.0.10
ftp.hosteddomain.com. IN A 10.0.0.10
mail.hosteddomain.com IN A 10.0.0.10
hosteddomain.com. IN A 10.0.0.10
-----------------------------------------------
# cat /var/named/external/db.maindomain
$ttl 38400
@ IN SOA mainhost.maindomain.com.
root.mainhost.maindomain.com. (
1084742277
10800
3600
604800
38400 )
hosteddomain.com. IN NS ns.maindomain.com.
www.hosteddomain.com. IN A 4.5.6.10
ftp.hosteddomain.com. IN A 4.5.6.10
mail.hosteddomain.com IN A 4.5.6.10
hosteddomain.com. IN A 4.5.6.10
-----------------------------------------------
#cat /etc/named.conf
options {
directory "/var/named";
pid-file "/var/run/named/named.pid";
statistics-file "/var/log/named/named.stats";
dump-file "/var/log/named/named.dump";
zone-statistics yes;
// Listen ONLY on the following interfaces
listen-on { 127.0.0.1 ; 10.0.0.10; };
...[snip]
};
acl "trusted-nets" {
10.0.0.0/24;
127.0.0.1;
};
...[snip]
view "internal" in {
//Only allow trusted nets to query this view
match-clients { trusted-nets; };
// Enable recursion for this view
recursion yes;
// Cache data retrieved in this view
additional-from-auth yes;
additional-from-cache yes;
// Load the "root" (hints) zone
zone "." in {
type hint; // Zone is of type hint
file "root.cache"; // Specify the root
filename
};
// Load the internal 127.0.0 reverse zone
zone "0.0.127.in-addr.arpa" in {
type master; // Zone is a master
allow-transfer { none; }; // Do not accept zone
tranfers
allow-query { any; }; // Allow anyone to query
zone
file "internal/db.127.0.0"; // Load internal zone
file
};
// Load the internal maindomain.com zone
zone "maindomain.com" in {
type master; // Zone is a
master
notify yes; // Send
notifies?
file "internal/db.maindomain"; // Load zone
file
};
...[snip]
};
view "external" in {
//Allow anyone to query this view
match-clients { any; };
// Disable recursion for this view
recursion no;
// Do NOT cache data retrieved in this view
additional-from-auth no;
additional-from-cache no;
// Load the "root" (hints) zone
zone "." in {
type hint; // Zone is of type hint
file "root.cache"; // Specify the root
filename
};
// Load the external maindomain.com zone
zone "maindomain.com" in {
type master; // Zone is a master
notify yes; // Send notifies?
allow-query { any; }; // Allow anyone to query
zone
file "external/db.maindomain"; // Load zone file
};
...[snip]
};
# cat /etc/resolv.conf
search maindomain.com
nameserver 127.0.0.1
...[snip]
At least that's what I do at this end. Using the above example, any
host on
your lan configured to use this DNS server along with the server itself
(127.0.0.1) would return the 10.0.0.10 address. A query to your DNS
server
originating from the internet would return the 4.5.6.10 address. FWIW: I
configure my apache virtual's to refernece the internal ip address like
what
you posted.
Steve Cowles
</mail from steve cowles on redhat list>
Mark
On 24 May 2004, at 17:31, Michael Klama wrote:
> Mark,
> Please post the solution to your network setup as I have a similar
> network
> situation I need to setup and am have trouble understanding how to do
> it.
> This thread is about the closest that I have seen to what I need and
> would
> appreciate your help.
>
> Mike
>
>
> MRKtechWEB makes it simple to get your personal, business, or
> organizational
> presence on the internet with our easy to use web hosting plans. Make
> the
> right choice for your business now at www.mrktechweb.com
>
> -----Original Message-----
> From: Mark Lowe [mailto:mark.lowe@boxstuff.com]
> Sent: Sunday, May 23, 2004 6:44 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] ip aliases vhosts
>
> Okay ..
>
> Forgive my stupidity. But lets say I've the domain hosteddomain.com
> which is
> hosted on the same box which is known the world as maindomain.com
>
> hosteddomain.com. IN NS ns.maindomain.com.
> www.hosteddomain.com. IN A 10.0.0.10
> ftp.hosteddomain.com. IN A 10.0.0.10
> mail.hosteddomain.com IN A 10.0.0.10
> hosteddomain.com. IN A 10.0.0.10
>
> Now when I ping hosteddomain.com it correctly returns 10.0.0.10 .. But
> this
> of course is pretty useless. Apache seems to work fine with my
> directives as
> when i request www.hosteddomain.com i get the index page
>
> curl www.hosteddomain.com
>
> Ideally I could do this without using the hosts file so when we get
> another
> server, I can change the ip for ns.maindomain.com, mv my network
> scripts
> with the ipaliases to another machine and thus make lighter work of
> such a
> move.
>
> Now while I'm well aware this is perhaps more a apache list rather
> than a
> dns list, I'm sure there must be someone who
>
> 1. Has done this in the real world.
> and
> 2. Is charitable enough to provide more than mystical insights into the
> matter. But something like I've used to describe the problem and the
> sorts
> of examples I like to give when responding to mailing lists and such
> like.
>
> I've just had a great answer on another list, and I hope to post the
> solution on this thread when I'm done. Or I could just wait to the
> next poor
> soul to have this problem, and just mail snippets that express enough
> to
> demonstrate what I know what I'm talking about, without actually
> helping
> anyone solve the problem.
>
> Thanks
>
> Mark
>
> On 23 May 2004, at 23:52, PINNI, BALANAND (SBCSI) wrote:
>
>> The reason why I said as DNS because URL to IP conversation can take
>> place on server by setting in /etc/hosts but not for remote servers.
>>
>> # nslookup urlname.domain.com
>>
>> should Display IP . Only then it will work.
>>
>> Thanks
>> Balanand Pinni
>>
>> -----Original Message-----
>> From: Mark Lowe [mailto:mark.lowe@boxstuff.com]
>> Sent: Sunday, May 23, 2004 4:16 PM
>> To: users@httpd.apache.org
>> Subject: Re: [users@httpd] ip aliases vhosts
>>
>>
>>
>> On 23 May 2004, at 23:05, PINNI, BALANAND (SBCSI) wrote:
>>
>>> I have SSL but one per box.
>>>
>>> Now I have Vanitive URL i.e Aliased to network interface with
>>> ifconfig cmd is unix.
>>> So you can create multiple aliases on same physical network to access
>>> apache on the web with alias.
>>
>> Yep that's all done
>>
>>> You need to set this is your DNS
>>> server too from Unix point of view.
>>
>> This is where i think things are wrong, which I'm still looking into.
>> Problem is that the domain name resolves to the ip alias and not the
>> real ip. But I guess this is an apache list not a dns one.
>>
>>>
>>> Now set virtual host for each alias on 443 with Listen 443 i.e.
>> several
>>> stanzas.
>>>
>>> It will work.
>>
>> That in itself helps. Thanks
>>
>>>
>>> Stop and start apache .See logs for any errors if any.
>>
>> I have been..
>>
>>>
>>> Good luck.
>>>
>>> Thanks
>>> Balanand Pinni
>>>
>>> -----Original Message-----
>>> From: Mark Lowe [mailto:mark.lowe@boxstuff.com]
>>> Sent: Sunday, May 23, 2004 3:58 PM
>>> To: <users@httpd.apache.org> <users@httpd.apache.org>
>>> Subject: [users@httpd] ip aliases vhosts
>>>
>>>
>>> Hello
>>>
>>> I started a thread on this some time ago, and while I appreciated the
>>> help that was given I still haven't managed to configure things as
>> I've
>>> tried.
>>>
>>> I'd really appreciated hearing from anyone who has this working,
>> rather
>>> than just understanding the principles as I understand what the docs
>>> are saying what I should be able to do, but still cant find a way of
>>> getting it running.
>>>
>>> I've created several ip aliases
>>>
>>> 10.0.0.10, 10.0.0.11, 10.0.0.12
>>>
>>> Listen *:80
>>> Listen *:443
>>>
>>> I've tried the following variations.
>>> NameVirtualHost *
>>> and
>>> NameVirtualHost *:80
>>> NameVirtualHost *:443
>>> and
>>> NameVirtualHost 10.0.0.10
>>> NameVirtualHost 10.0.0.11
>>> NameVirtualHost 10.0.0.12
>>> and
>>> NameVirtualHost 10.0.0.10:80
>>> NameVirtualHost 10.0.0.11:80
>>> NameVirtualHost 10.0.0.12:80
>>> NameVirtualHost 10.0.0.10: 443
>>> NameVirtualHost 10.0.0.11: 443
>>> NameVirtualHost 10.0.0.12: 443
>>>
>>> And virtual hosts
>>>
>>> <VirtualHost 10.0.0.10:80>
>>> ServerName www.foo.com
>>> ...
>>>
>>> <VirtualHost 10.0.0.10:443
>>> ServerName www.foo.com
>>>
>>> and so on.
>>>
>>> I need to have this running so I can have multiple ssl certs being
>>> served from the same box. So wildcarding so Joey's example wont work
>> in
>>> this case.
>>>
>>> Someone must have this working, I've read a few bits and pieces on
>>> doing this. But something just isn't playing the game .
>>>
>>> Many thanks
>>>
>>> Mark
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server
>>> Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server
>>> Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org